route information into a hop count value and a next hop, it is challenging to verify the correctness of the hop count value. In this section, we discuss some of the security properties of the SEAD protocol.

Using SEAD, given an advertisement for a route with a metric of h hops and a sequence number of s, a malicious node can generate advertisements for h-hop or longer routes with sequence number s, or for arbitrary-length routes with sequence number less than s. Specifically, a malicious node cannot generate an advertisement with sequence number greater than s, nor can it generate an advertisement with sequence number s and metric less than h. A malicious node can generate an advertisement for distance h because it can simply resend the same one-way hash chain element it received from the previous node; a legitimate node would advertise a distance of h + 1 and generate the authenticator for it by hashing the received authenticator.

An attacker that has not compromised any node (and hence does not possess any cryptographic keys from a node) cannot successfully send any routing messages, since an uncompromised neighbor node will reject the messages due to the failed neighbor authentication. A repeater can function as a one-node wormhole; this is not addressed by SEAD, though TIK [35] can prevent this attack.

A collection of a number of attackers that have compromised one or more nodes can only redirect the path from a source to a destination through one or more attackers if the length of the best (minimum metric) attacker-free route for which the source receives an advertisement is at least as large as the number of nodes between the destination and the first attacker, plus the number of nodes between the last attacker and the destination.

If each node using SEAD (including attackers) keeps routing tables where the next-hop for a given destination is set to the authenticated source address of the first advertisement received by that node containing the minimum metric for the greatest sequence number, then the next-hop pointers in all nodes’ routing tables will describe a route back to the destination.

With SEAD, no routing loop is possible, unless the loop contains one or more attackers. Furthermore, no loop is possible unless no non-attacker node on the loop has received a better advertisement (in terms of sequence number and metric) for this destination than the best advertisement received by some attacker on the loop.

If a collection of attackers form a vertex cut between two groups of nodes in the network [16], the attackers can arbitrarily control the routes between any node in one group and a node in the other group. Since in a vertex cut, any packet between such nodes must physically pass through a node on the vertex cut, no routing protocol can eliminate such attacks.

6.2. Simulation evaluation methodology

To evaluate the performance impact of our security approach in SEAD without attackers, we modified the DSDV-SQ implementation in our extensions to ns-2 [6]. Specifically, we increased the size of each routing update to represent the authentication hash value in each table entry. We also removed the settling time and the sequence number changes, as described in Section 5.1.

We chose the ns-2 simulator for this study because it realistically models arbitrary node mobility as well as physical radio propagation effects such as signal strength, interference, capture effect, and wireless propagation delay. Our propagation model is based on the two-ray ground reflection model [38]. The simulator also includes an accurate model of the IEEE 802.11 Distributed Coordination Function (DCF) wireless MAC protocol [18].

In our simulations, nodes moved according to the random waypoint mobility model [20]. Each node is initially placed at a random location and pauses for a period of time called the pause time; it then chooses a new location at random and moves there with a velocity randomly chosen uniformly between 0 and the maximum speed vmax. When it arrives, it repeats the process of pausing and then selecting a new destination to which to move. The data communication pattern in our study uses 20 source-destination pairs, each sending a Constant Bit Rate (CBR) flow of 4 data packets per second. Each data packet is 512 bytes in size. Table 1 details the parameters used in our simulations.
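As an added illustration of the security properties discussed in the analysis above (example code, not from the paper), the following builds a SEAD-style one-way hash chain and verifies a (sequence number, metric) advertisement by hashing the received authenticator forward until it meets the anchor or an element already verified; it then shows why an element received for metric h + 1 cannot be passed off as metric h or as a newer sequence number. The chain layout (M, G), the constructed seed, and the use of SHA-256 as the one-way function are assumptions of this example.

```python
import hashlib

M = 16          # maximum metric: hop counts 0 .. M-1 (constructed value)
G = 8           # number of sequence numbers one chain covers (constructed value)
N = G * M       # chain elements h_0 .. h_N; h_N is the anchor that is distributed

def H(x: bytes) -> bytes:
    # One-way hash; SHA-256 is an assumption of this example, not fixed by SEAD
    return hashlib.sha256(x).digest()

def make_chain(seed: bytes) -> list:
    """h_0 = seed, h_i = H(h_{i-1}); the destination keeps the chain secret."""
    chain = [seed]
    for _ in range(N):
        chain.append(H(chain[-1]))
    return chain

def index(seq: int, metric: int) -> int:
    """Chain position for (seq, metric): higher seq -> earlier element; (0, 0) is the anchor h_N."""
    assert 0 <= seq <= G and 0 <= metric < M
    return (G - seq) * M + metric

def hash_forward(elem: bytes, steps: int) -> bytes:
    for _ in range(steps):
        elem = H(elem)
    return elem

def verify(seq, metric, auth, t_seq, t_metric, t_auth):
    """Accept (seq, metric, auth) only if hashing auth forward reaches the
    trusted element t_auth: the anchor or an element this node already verified."""
    steps = index(t_seq, t_metric) - index(seq, metric)
    if steps < 0:
        return False     # claims a newer/shorter route than anything we can check against
    return hash_forward(auth, steps) == t_auth

def demo():
    chain = make_chain(b"constructed demo seed")   # the destination's secret chain
    anchor, s = chain[N], 5
    origin = (s, 0, chain[index(s, 0)])            # destination advertises itself, metric 0
    ok_origin = verify(*origin, 0, 0, anchor)       # neighbor checks against the anchor
    relay = (s, 1, H(origin[2]))                    # honest neighbor: metric + 1, hash once
    ok_relay = verify(*relay, 0, 0, anchor)
    # A node that already verified the (s, 3) element needs only two hashes
    ok_cheap = verify(*relay, s, 3, chain[index(s, 3)])
    # The metric-1 element cannot pass for metric 0, nor for sequence number s + 1
    bad_metric = verify(s, 0, relay[2], 0, 0, anchor)
    bad_seq = verify(s + 1, 0, relay[2], 0, 0, anchor)
    return ok_origin, ok_relay, ok_cheap, bad_metric, bad_seq
```

Replaying the received element unchanged for the same (s, h) still verifies, which is exactly the residual capability the analysis above attributes to a malicious node.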
[Figure: four panels comparing DSDV-SQ and SEAD as a function of pause time (0 to 900): (a) Packet Delivery Ratio, (b) Median Latency, (c) Packet Overhead (packets), (d) Byte Overhead (bytes).]
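As an added example (not the paper's ns-2 scenario code), the following generates one node's trace under the random waypoint model exactly as Section 6.2 describes it: random initial placement, a pause, a random destination reached at a speed drawn uniformly from [0, vmax], repeated. The area size, pause time, vmax and seed are constructed inputs.

```python
import math
import random

def random_waypoint(area, pause_time, vmax, n_moves, seed=1):
    """Return one node's movement as a list of legs (start, end, speed, pause):
    the node starts at a random point, pauses for pause_time, picks a random
    destination, moves there at a speed uniform on [0, vmax], and repeats."""
    rng = random.Random(seed)          # seeded so a run is reproducible
    width, height = area
    pos = (rng.uniform(0, width), rng.uniform(0, height))
    legs = []
    for _ in range(n_moves):
        dest = (rng.uniform(0, width), rng.uniform(0, height))
        speed = rng.uniform(0, vmax)
        legs.append((pos, dest, speed, pause_time))
        pos = dest
    return legs

def leg_time(leg):
    """Seconds spent on a leg: the pause plus the travel time (a speed of
    exactly 0 never arrives, so its travel time is infinite)."""
    (x0, y0), (x1, y1), speed, pause = leg
    dist = math.hypot(x1 - x0, y1 - y0)
    return pause + (dist / speed if speed > 0 else math.inf)

def position_at(legs, t):
    """Position at simulation time t, linearly interpolated along the legs."""
    for (x0, y0), (x1, y1), speed, pause in legs:
        if t < pause:
            return (x0, y0)                         # still pausing at the leg's start point
        t -= pause
        dist = math.hypot(x1 - x0, y1 - y0)
        travel = dist / speed if speed > 0 else math.inf
        if t < travel:
            f = t / travel
            return (x0 + f * (x1 - x0), y0 + f * (y1 - y0))
        t -= travel
    return legs[-1][1]                              # trace exhausted: at the final destination
```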